Medium severity4.3NVD Advisory· Published Jan 1, 2021· Updated Jun 17, 2026
CVE-2020-35934
CVE-2020-35934
Description
The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object (including all metadata) upon login via the REST API (aam/v1/authenticate or aam/v2/authenticate). This is a security problem if this object stores information that the user is not supposed to have (e.g., custom metadata added by a different plugin).
Affected products
2- WordPress/Advanced Access Manager plugindescription
- Range: <6.6.2
Patches
Vulnerability mechanics
References
1- www.wordfence.com/blog/2020/08/high-severity-vulnerability-patched-in-advanced-access-manager/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.